
		<?php 
			$email = $password = $phone = $fname = $lname = $branch = $owned_car = '';
			$emailErr = $passwordErr = $passwordErr2 = $phoneErr = $fnameErr = $lnameErr = $branchErr = $owned_carErr = '';
			
			/*
				This code block is accessed whenever a form has been submitted. 
				It checks that required fields are complete and also checks the format with preg_match. 
				Special characters are removed using the clean_field function. 
			*/
			if ($_SERVER["REQUEST_METHOD"] == "POST")
			{
				$arrCheck = 0;

				//Check all of the fields and fill variables. 

				if (empty ($_POST["email"])) {
					$emailErr = "Please enter a valid email address";
				}
				else {
					$email = clean_field ($_POST["email"]);
					if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email)) {
						$emailErr = "Invalid email format. (ex: example@email.com)";
					}
				}
				
				if (empty ($_POST["password"])) {
					$passwordErr = "Please enter a valid password";
				}
				else {
					$password = clean_field ($_POST["password"]);
					if (!preg_match("/^(?=.*[A-Z])(?=.*[0-9])(?=.*[a-z]).{8,}$/", $password)) {
						$passwordErr = "Invalid password. Passwords must contain at least 1 capital letter, 1 lower case letter, and 1 number, and be at least 8 characters long.";
					}
					else { //Generate a hashed password using a randomly generated salt. Store that salt in the database.
						$salt = openssl_random_pseudo_bytes(8);
						$salt = bin2hex($salt);
						$hashed_password = hash("sha256", $password . $salt);
					}
				}

				if (empty ($_POST["password2"])) {
					$passwordErr2 = "Please re-enter your password.";
				}
				else {
					if ((clean_field($_POST["password2"]) != $password) && !empty($password))
						$passwordErr2 = "The entered passwords do not match.";
				}

				if (empty ($_POST["phone"])) {
					$phoneErr = "You must enter a phone number.";
				}
				else {
					$phone = clean_field ($_POST["phone"]);
					if (!preg_match("/^\d{3}-\d{3}-\d{4}$/", $phone)) {
						$phoneErr = "Invalid phone format. (ex: 123-456-7890)";
					}
				}

				if (empty ($_POST["fname"])) {
					$fnameErr = "Please enter your first name."; 
				}
				else {
					$fname = clean_field ($_POST["fname"]);
					if (!preg_match("/^[a-zA-Z ]*$/", $fname)) {
						$fnameErr = "Names can only include letters and white space.";
					}
				}

				if (empty ($_POST["lname"])) {
					$lnameErr = "Please enter your last name.";
				}
				else {
					$lname = clean_field ($_POST["lname"]);
					if (!preg_match("/^[a-zA-Z ]*$/", $lname)) {
						$lnameErr = "Names can only include letters and white space.";
					}
				}

				$errArray = array($emailErr, $passwordErr, $passwordErr2, $phoneErr, $fnameErr, $lnameErr);
				
				//Checking to see if there are any errors in the form submission.
				foreach ($errArray as $key => $value) {
					if (!empty($value))
						$arrCheck = 1;
				}
				// //If there are no errors...
				if ($arrCheck == 0) {
					//Connect to the database.
					$con = mysqli_connect ("localhost", 'root', 'ilovesloths13', '4350');

					if (mysqli_connect_errno()) {
					  echo "Failed to connect to MySQL: " . mysqli_connect_error();
					  exit();
					}
					
					// Query for inserting all form data into the user table
					mysqli_query ($con, "insert into user(email, password, salt, first_name, last_name, phone)
						values('$email', '$hashed_password', '$salt', '$fname', '$lname', '$phone')");
						
					//There should be another query for uploading the actual file for the abstract. 

					mysqli_close($con);
					
					//Redirect to the home page after the form is successfully submitted. 
					header("Location: home.php");
				}
		}
	
	//This function removes special characters from user input.
	function clean_field ($data)
	{
		$data = trim($data);
		$data = stripslashes($data);
		$data = htmlspecialchars($data);
		return $data;
	}


	?>
